1
00:00:07,750 --> 00:00:14,860
SSL technology protects most websites that process sensitive data.

2
00:00:15,400 --> 00:00:22,150
SSL establishes a secure, encrypted link between a server and a client.

3
00:00:22,930 --> 00:00:31,690
Most commonly, the connection is between a web server and a browser or email client on a client computer.

4
00:00:32,680 --> 00:00:37,720
SSL is referred to as a security protocol because

5
00:00:38,830 --> 00:00:47,530
it specifies algorithms for encryption and the necessary variables for the connection encryption.

6
00:00:48,340 --> 00:00:58,270
The purpose of securing a connection with SSL is to protect data such as credit card numbers, sign-in

7
00:00:58,270 --> 00:01:05,590
credentials and other critical data, while the data transfers between a client and a server.

8
00:01:06,560 --> 00:01:10,400
To establish an SSL-protected connection,

9
00:01:10,640 --> 00:01:13,700
you must install the certificate on the server.

10
00:01:14,800 --> 00:01:21,700
Your internal CA or a public CA can issue a certificate for SSL.

11
00:01:22,930 --> 00:01:29,110
Most websites available on the Internet have a certificate issued by a public CA,

12
00:01:29,500 --> 00:01:34,090
so most browsers trust your server's certificate.

13
00:01:35,080 --> 00:01:41,200
However, you also can use a certificate that your local CA issued.

14
00:01:41,950 --> 00:01:45,670
Both types of certificates can secure a connection,

15
00:01:46,180 --> 00:01:53,620
but most browsers that connect to the website where you installed the certificate cannot trust

16
00:01:53,620 --> 00:02:02,620
an internally issued certificate. Being untrusted will not prevent a certificate from securing

17
00:02:03,940 --> 00:02:12,970
a connection, but it will present a warning message when the browser connects to your website.

18
00:02:13,720 --> 00:02:21,880
Most companies want to avoid that, so most secure websites on the Internet use public certificates.

19
00:02:22,540 --> 00:02:31,060
Internet browsers come with a pre-installed list of trusted CAs, and they store it in a trusted

20
00:02:31,060 --> 00:02:32,440
root CA store.

21
00:02:33,750 --> 00:02:42,390
Please know that buying a public SSL certificate does not guarantee that all clients will trust the

22
00:02:42,390 --> 00:02:44,280
certificate automatically.

23
00:02:44,940 --> 00:02:52,860
Make sure that you choose a certificate vendor that is trusted globally and has its root certificates

24
00:02:52,860 --> 00:02:54,570
present in clients'

25
00:02:54,570 --> 00:02:58,440
pre-installed trusted root CA stores.

26
00:03:00,030 --> 00:03:04,770
Now some words about securing a connection with an SSL certificate.

27
00:03:06,090 --> 00:03:10,350
Each certificate has a key pair associated with it

28
00:03:10,830 --> 00:03:17,310
after it is issued. The key pair consists of a public and private key,

29
00:03:17,700 --> 00:03:22,260
which in this case work together in an encryption process.

30
00:03:23,010 --> 00:03:29,910
Data that is encrypted with the public key can be decrypted only with the corresponding private key,

31
00:03:30,510 --> 00:03:33,510
and the reverse is also true.

32
00:03:34,980 --> 00:03:39,300
Each key pair is unique. Besides a key pair,

33
00:03:39,570 --> 00:03:48,930
each certificate also has a subject name that specifies the identity of the server or website where

34
00:03:48,930 --> 00:03:50,670
the certificate is installed.

35
00:03:51,680 --> 00:04:00,650
Whenever a browser connects to a secure website, the client and server establish an SSL connection.

36
00:04:01,880 --> 00:04:07,070
The associated connection is established during the SSL handshake.

37
00:04:07,550 --> 00:04:12,770
This handshake process occurs as described below.

38
00:04:13,490 --> 00:04:20,210
First, the user types or clicks an HTTPS URL in a web browser.

39
00:04:20,870 --> 00:04:30,200
Second, the web browser software connects to a website and requests that the server identify itself.

40
00:04:31,070 --> 00:04:37,310
Third, the web server presents its SSL certificate. With the certificate,

41
00:04:37,520 --> 00:04:41,780
the server also distributes its public key to the client.

42
00:04:43,030 --> 00:04:47,980
Fourth, the client performs a check of the server certificate.

43
00:04:48,460 --> 00:04:56,920
It checks the subject name and compares it to the URL that it uses to access the server.

44
00:04:58,020 --> 00:05:08,550
Also, it checks if any of the CAs in its trusted root CA store issued the certificate, and it checks the CRL

45
00:05:09,240 --> 00:05:17,190
distribution point, or CDP, locations to verify if the certificate is revoked.

46
00:05:18,820 --> 00:05:25,930
The fifth step is, if all checks pass, the client generates a symmetric encryption key.

47
00:05:26,620 --> 00:05:34,210
The client and server use a symmetric key for encrypting data because the public and private key pairs

48
00:05:34,570 --> 00:05:40,570
are not very efficient in encrypting and decrypting large amounts of data.

49
00:05:41,440 --> 00:05:48,520
The client generates a symmetric key and then encrypts it with the server's public key.

50
00:05:49,700 --> 00:05:54,200
After that, the client sends the encrypted symmetric key to the server.

51
00:05:54,980 --> 00:06:02,810
And the final step is the server uses its private key to decrypt the encrypted symmetric key.

52
00:06:03,440 --> 00:06:10,340
Now both server and client have a symmetric key, and secure data transfers can begin.

53
00:06:11,650 --> 00:06:19,720
Now, during this process, the server proves its identity to the client by presenting its SSL certificate.

54
00:06:20,380 --> 00:06:29,050
If the server name in the certificate matches the URL that the client requested, and if a trusted CA

55
00:06:29,320 --> 00:06:33,790
issued the certificate, then the client trusts that the server

56
00:06:35,120 --> 00:06:36,930
has a valid identity.

57
00:06:37,520 --> 00:06:42,590
Also, the client has checked the validity of the certificate by

58
00:06:43,630 --> 00:06:44,110
checking

59
00:06:44,110 --> 00:06:52,450
its lifetime and through the application of the CRL. This means that establishing an SSL connection

60
00:06:52,450 --> 00:06:54,400
is not just about encryption.

61
00:06:54,940 --> 00:06:59,290
It also provides authentication from the server to the client.

62
00:07:00,680 --> 00:07:07,490
Please know that client authentication is not part of the classic SSL handshake.

63
00:07:08,150 --> 00:07:13,850
This means that the client does not have to provide its identity to the server.

64
00:07:14,600 --> 00:07:21,020
However, you also can configure your website to require client authentication.

65
00:07:22,510 --> 00:07:29,290
The client also can use a certificate to authenticate itself to the server.

66
00:07:30,560 --> 00:07:35,720
Now some words about configuring an SSL certificate on a server.

67
00:07:37,530 --> 00:07:42,450
To use SSL to protect communication between a server and the client,

68
00:07:42,690 --> 00:07:45,570
you must install the certificate on the server.

69
00:07:46,230 --> 00:07:48,300
You can install it in several ways.

70
00:07:49,200 --> 00:07:57,090
However, before you install the certificate on the server, you must define the name or names that

71
00:07:57,090 --> 00:07:58,680
the certificate supports.

72
00:07:59,730 --> 00:08:03,960
For example, if you want to protect your website over the URL

73
00:08:04,470 --> 00:08:04,980
w

74
00:08:04,980 --> 00:08:05,280
w

75
00:08:05,280 --> 00:08:07,470
w.adatum.com,

76
00:08:08,010 --> 00:08:15,450
then you need to issue the certificate with the common name www.adatum.com.

77
00:08:17,020 --> 00:08:24,250
Please know that a certificate can be issued only for a domain name, not for a full URL.

78
00:08:24,700 --> 00:08:32,560
For example, a certificate with the common name adatum.com will protect the URL

79
00:08:32,560 --> 00:08:37,600
adatum.com/sales or similar URLs.

80
00:08:38,680 --> 00:08:43,810
In some scenarios, you need to have more than one domain name on the same server.

81
00:08:44,500 --> 00:08:48,430
A typical example of this is Microsoft Exchange Server.

82
00:08:49,620 --> 00:08:54,330
A certificate installed on the server must support its public names,

83
00:08:54,900 --> 00:09:02,160
for example, mail.adatum.com and autodiscover.adatum.com.

84
00:09:03,320 --> 00:09:07,370
Because both names are associated with the same website,

85
00:09:07,820 --> 00:09:12,110
you cannot assign more than one certificate to a single website.

86
00:09:12,710 --> 00:09:19,800
You must use a certificate that supports multiple names, also known as subject

87
00:09:19,850 --> 00:09:21,170
alternative names.

88
00:09:21,920 --> 00:09:25,940
This means that you have one certificate with more than one name.

89
00:09:26,300 --> 00:09:34,490
Both internal CAs on Windows Server 2016 and public CAs can issue this certificate.

90
00:09:37,390 --> 00:09:43,900
Also, please know that instead of having one certificate with multiple names on the same domain, you

91
00:09:43,900 --> 00:09:52,360
also can issue a wildcard certificate with a common name such as *.adatum.com.

92
00:09:53,170 --> 00:09:59,440
This certificate will be valid for all names with the domain suffix adatum.com.

93
00:10:00,310 --> 00:10:08,980
If you choose to utilize the wildcard certificate, you should take extra precautions to secure the

94
00:10:08,980 --> 00:10:10,690
associated private key.

95
00:10:11,350 --> 00:10:18,880
If the private key were to be compromised, someone could use it to decrypt sensitive traffic with a

96
00:10:19,360 --> 00:10:25,380
legitimate host or to impersonate a trusted host in the domain.

97
00:10:27,320 --> 00:10:27,570
Now,

98
00:10:27,710 --> 00:10:36,920
to issue an SSL certificate from an internal CA, you can follow one of several approaches. You can use the Certificates

99
00:10:36,920 --> 00:10:41,960
console on the server to make a certificate request to the CA.

100
00:10:42,710 --> 00:10:49,490
By using this approach, you can specify additional attributes for the certificate, such as the

101
00:10:49,490 --> 00:10:53,930
certificate template or the subject alternative name.

102
00:10:54,810 --> 00:11:01,890
However, after the certificate installs, you must assign it to the appropriate website manually.

103
00:11:03,080 --> 00:11:06,740
Another approach is to use the IIS console.

104
00:11:07,460 --> 00:11:13,370
In the IIS console, you make a certificate request directly to the CA.

105
00:11:14,360 --> 00:11:20,180
However, when you use this approach, you are not able to choose a certificate template.

106
00:11:20,900 --> 00:11:29,240
It looks for a Web Server template by default, and you cannot specify a subject alternative name.

107
00:11:30,620 --> 00:11:35,210
This is, however, the simplest way to install a certificate on the website.

108
00:11:36,790 --> 00:11:39,850
The third approach is to use CA web enrollment.

109
00:11:40,450 --> 00:11:46,720
This approach is appropriate if you want to use your certificate on a server that is not a member of

110
00:11:46,720 --> 00:11:47,470
your domain.

111
00:11:48,100 --> 00:11:49,600
For this type of enrollment,

112
00:11:49,930 --> 00:11:52,690
you must first make a certificate request.

113
00:11:54,070 --> 00:12:01,030
This request is a .req file, which you then submit on the CA web enrollment page.

114
00:12:02,350 --> 00:12:03,760
There, you also can

115
00:12:03,760 --> 00:12:09,880
specify the certificate template and add subject alternative names if needed.

116
00:12:11,570 --> 00:12:18,950
So, if you are buying a publicly trusted SSL certificate,

117
00:12:19,310 --> 00:12:21,890
the procedure is somewhat different.

118
00:12:22,940 --> 00:12:29,510
After you choose a certificate vendor, you will first have to go through an administrative procedure

119
00:12:29,780 --> 00:12:34,550
to prove the identity of your company and domain name ownership.

120
00:12:35,180 --> 00:12:42,680
After that, you must create a certificate signing request, or CSR, on your server.

121
00:12:43,100 --> 00:12:53,300
This process creates the private key and a CSR data file, which basically is a certificate request.

122
00:12:53,870 --> 00:12:55,940
You then send the CSR

123
00:12:58,490 --> 00:13:00,380
to the certificate issuer.

124
00:13:01,070 --> 00:13:11,330
The CA uses the CSR data file to create a public key to match your private key without compromising

125
00:13:11,360 --> 00:13:12,230
the key itself.

126
00:13:13,040 --> 00:13:22,250
The CA never receives the private key in this or any previous scenarios for certificate issuance, except

127
00:13:22,250 --> 00:13:25,790
when you have configured key archival.

128
00:13:25,940 --> 00:13:28,720
But even then, the key is encrypted.

129
00:13:30,000 --> 00:13:35,010
Next up, we'll be talking about using certificates for digital signatures.

130
00:13:35,520 --> 00:13:36,390
I'll see you then.